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Sir: 



AMENDMENT 



In response to the telephone interview of October 23, 2008, with the 
Examiner, please amend the application as follows: 
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AMENDMENTS TO THE SPECIFICATION 

Please amend paragraph [0034], beginning on page 1 1 as follows: 
[0034] Embodiments of the present invention may be provided as a computer 

program product, which may include a machine-readable medium having stored thereon 
instructions that may be are used to program a computer (or other electronic devices) to 
perform a process. The machine-readable medium may include, but is not limited to, 
magnetic disks, floppy diskettes, optical disks, compact disc read-only memories (CD- 
ROMs, CD-Rs, CD-RWs), digital versatile disks (DVD-ROM, DVDH-RW), and 
magneto-optical disks, ROMs, random access memories (RAMs), erasable programmable 
read-only memories (EPROMs), electrically erasable programmable read-only memories 
(EEPROMs), magnetic or optical cards, and flash memory , or other type of 

embodiments of the present invention may also be downloaded as a computer program 
product, wherein the program may be transferred from a remote computer to a requesting 
computer by way of data signals embodied in a carrier wave or other propagation 
medium via a communication link (e.g., a modem or network connection). 

Please amend paragraph [0038], beginning on page 12 as follows: 

[003S] The phrase "Customized Execution Environment" or "CE 2 " generally 

refers to a customized operating environment itself in which there is provided a set of 
system services implemented in software having direct access and full control over a 
portion of system resources. CE 2 s are quite distinct from an operating system or 
specialized operating system and depending upon the particular embodim e nt may inclu de 
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m ore of the followin g-features are characterized by : 

1 . A CE 2 may eemprise comprises both statically linked system code and 
data modules and application code and data modules; 

2. A CE 2 may iaek- lacks the capability to load or to load and execute any 
other application; 

3. The functional capabilities of a CE2 may fee strictly are limited to only 
those services required by a particular application or small set of 
predetermined applications; 

4. A CE 2 t ypically falls far short of the capabilities expected of an operating 
system; specifically, in on e embodim e nt s-applications are limited to a 
single thread of execution m on each proeesse? of one or more processors 
controlled by the CE 2 ; 

5. The services interfaces of a CE2 may fee are simple and specialized for 
each of one or a small set of particular applications, rather than being 
comprised by a more complex and general Application Programming 
Interface (API) for a broad class of applications; 

& Managem e nt strategies for syst e m - r -esQ urccs - sometimes diff e r entirely 

from those strategies adopt e d by traditi enaj- gcncral - purpose operating 

6?. A CE 2 may utilize utilizes hardware capabilities not supported by a 
general-purpose or symbiotic general-purpose operating system; 

7&. A CE 2 may-make makes substantial use of hardware capabilities not well 
utilized by a general-purpose or symbiotic general-purpose operating 
system; 

89. The services provided to the application within a CE 2 may fee are designed 
to enable an application far more easily to recover and continue from a 
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system error. 
and may be additionally characterized by: 

91 0. Management strategies for system resources s ometim e s differ enfeeiy 
from those strategies adopted by traditional general-purpose operating 
systems; 

According to one embodiment of the present invention, a general-purpose operating 
system at least temporarily relinquishes control of all or a portion of system resources 
associated with a computer system to one or more CE 2 s. According to another 
embodiment, a CE 2 may be booted on hardware directly. For example, a general-purpose 
operating system may launch a CE 2 without ever taking control over the portion of 
system resources to be controlled by the CE 2 . In still another embodiment, both the 
general-purpose operating system and one or more CE 2 s may be booted into distinct 
hardware partitions such as those provided in the Hewlett Packard Superdome platform, 
CE 2 s are typically specialized for a particular hardware platform. According to one 
embodiment, a CE 2 is non-portable and there are no general-purpose operating system 
abstractions interposed between the customized execution environment and the system 
resources allocated to the customized execution environment. Typically, system services 
provided by a CE 2 will implement a simplified computational structure and/or an I/O 
structure that are tuned for a particular application. For example, a CE 2 may take 
advantage of certain processor or other system resource features that are not exploited by 
the general-purpose operating system. According to one embodiment, a tuned CE 2 is 
provided to support a web edge engine, such as a web server, secure web server, proxy 
server, secure proxy server or other application or communication servers, to allow the 
web edge engine to drive the utilization of network connections as close as possible to 
100%. 
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AMENDMENTS TO THE CLAIMS 

1 . (previously presented)A method comprising: 

providing a computer-readable medium encoded with instructions that 
implement one or more customized execution environments, each customized execution 
environment providing an execution environment for a single application and exclusively 
managing a subset of hardware resources of a computer system, with no operating system 
abstractions or interfaces interposed between the customized execution environment and 
the subset of hardware resources; 

determining which hardware resources of the computer system are to 
remain under control of a resident operating system executing within the computer 
system and which of the hardware resources of the computer system constitute each 
subset of hardware resources of the computer system managed exclusively by one of the 
one or more customized execution environments; and 

partitioning the hardware resources among tire resident operating system 
and the one or more customized execution environments by associating one or more 
partitions of the hardware resources with the one or more customized execution 
environments. 

2. (previously presented) The method of claim 1, wherein said partitioning the 
hardware resources comprises the resident operating system configuring the one or more 
partitions using hardware-based isolation features provided by one or more processors of 
the computer system. 

3. (original) The method of claim 2, further comprising the resident operating 
system entering a dormant state. 

4. (previously presented) The method of claim 1, wherein said partitioning the 
hardware resources comprises the operating system configuring the one or more 
partitions using a secure-platform interface. 
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5. (previously presented) The method of claim 4j further comprising the resident 
operating system retaining full control of one or more of the partitions and remaining 
active after said partitioning the hardware resources. 

6. (previously presented) The method of claim 1, wherein said partitioning the 
hardware resources comprises a system administrator configuring the one or more 
partitions using hardware partitioning capability by the computer system. 

7. (previously presented) The method of claim 6, further comprising separately 
booting the resident operating system and the one or more customized execution 
environments within their respective configured partitions. 

8. (previously presented) The method of claim 1, further comprising a customized 
execution environment of the one or more customized execution environments making 
use of capabilities of the computer system not supported by the resident operating system. 

9. (previously presented) The method of claim 1, wherein a customized execution 
environment of the one or more customized execution environments comprises both 
statically linked system code and data modules and application code and data modules. 

1 0. (previously presented) The method of claim 1, wherein functional capabilities of a 
customized execution environment of the one or more customized execution 
environments is strictly limited to only those services required by a small set of 
predetermined applications, 

11. (previously presented) The method of claim 1, where in an application within a 
customized execution environment of the one or more customized execution 
environments is limited to a single thread of execution in a processor controlled by the 
CE 2 . 
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12. (previously presented) The method of claim 1, wherein a customized execution 
environment of the one or more customized execution environments utilizes hardware 
capabilities not supported by the resident operating system. 

13. (previously presented) The method of claim 1 } wherein services provided to an 
application within a customized execution environment of the one or more customized 
execution environments enable the application to recover and continue from a system 
error. 

14. (previously presented) The method of claim 1, wherein a customized execution 
environment of the one or more customized execution environments is non-portable. 

15. (previously presented) The method of claim 1, wherein services provided to an 
application within a customized execution environment of the one or more customized 
execution environments utilize no general-purpose operating system abstractions. 

16. (previously presented) The method of claim 1, wherein services within a 
customized execution environment employ entirely different resource management 
strategies than those used by a general-purpose operating system. 

1 7. (previously presented) A method comprising 

providing a computer-readable medium encoded with instructions that implement 
a customized execution environment, the customized execution environment providing an 
execution environment for a single application, and exclusively managing a subset of 
hardware resources of a computer system, with no operating system abstractions or 
interfaces interposed between the customized execution environment and the subset of 
hardware resources; 
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partitioning, by an operating system executing within the computer system, the 
system hardware resources of the computer system, including one or more processors and 
one or more ranges of physical memory, by 

determining which of the hardware resources are to remain under control 
of the operating system and which of the hardware resources are to be placed within the 
subset of hardware resources exclusively managed by the customized execution 
environment 

associating a first partition of the hardware resources with the customized 
execution environment; and 

the operating system surrendering full control of the first partition of the 
system hardware resources to the customized execution environment. 

18, (previously presented) The method of claim 17, wherein the information 
regarding a customized execution environment includes a directive to partition hardware 
resources and an associated partition descriptor, the partition descriptor identifying 
hardware resources needed by the customized execution environment and indicating how 
partitions are to be configured. 

19, (previously presented) The method of claim 17, wherein said associating a first 
partition of the hardware resources with the customized execution environment comprises 
disassociating those of the hardware resources in the first partition from the operating 
system and reconfiguring interrupts. 

20, (previously presented) The method of claim 1 7, further comprising: 

the operating system retaining full control of a second partition of the 
hardware resources; and 

isolating the second partition of the hardware resources to protect the 
hardware resources associated with the operating system from the customized execution 
environment by employing hardware isolation. 
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21. (previously presented) The method of claim 20, further comprising isolating the 
first partition of the hardware resources to protect the hardware resources associated with 
the customized execution environment from the operating system by employing hardware 
isolation. 

22. (previously presented) The method of claim 20, wherein the hardware isolation 
comprises establishing one or more disjoint sets of protection keys for one or more 
operations on one or more ranges of virtually addressed memory in the first or second 
partitions of the hardware resources. 

23. (previously presented) Hie method of claim 20, wherein the hardware isolation 
comprises establishing one or more disjoint sets of region identifiers for one or more 
operations on one or more ranges of virtually addressed memory in the first or second 
partitions of the hardware resources. 

24. (previously presented) The method of claim 20, wherein the hardware isolation 
comprises associating one or more ranges of memory in the second partition of the 
hardware resources with a processor in the second partition, and associating one or more 
ranges of memory in the first partition of the hardware resources with a processor in the 
first partition. 

25. (previously presented) The method of claim 24, wherein said associating one or 
more ranges of memory in the second partition of the hardware resources with a 
processor in the second partition, and said associating one or more ranges of memory m 
the first partition of the hardware resources with a processor in the first partition, 
comprises employing a region-identifier-based memory partitioning mechanism. 

26. (previously presented) The method of claim 1 7, further comprising: 

receiving an indication that the customized execution environments is 
terminating; and 
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the operating system assuming control of the first partition of the hardware 

resources. 

27. (previously presented) A system comprising: 

a computer-readable medium encoded with instructions that implement a 
resident operating system and one or more customized execution environments, each 
customized execution environment providing an execution environment for a single 
application, and exclusively managing a subset of hardware resources of a computer 
system, with no operating system abstractions or interfaces interposed between the 
customized execution environment and tire subset of hardware resources; 

one or more processor coupled to the one or more storage devices, that 
execute the resident operating system and the customized control environment, where: 

a determination is made with respect to which portion of hardware 
resources of the system, including the one or more processors and memory of the system, 
are to remain under control of the resident operating system and which portion of the 
hardware resources are to be placed under control of the one or more customized 
execution environments; and 

the hardware resources are partitioned among the resident operating 
system and the one or more customized execution environments by associating one or 
more portions of the hardware resources with the one or more customized execution 
environments. 

28. (previously presented) A server comprising: 

a computer-readable medium encoded with instructions that implement a 
resident operating system and one or more concurrent customized execution 
environments, each customized execution environment providing an execution 
environment for a single application, and exclusively managing a subset of hardware 
resources of a computer system, with no operating system abstractions or interfaces 
interposed between the customized execution environment and the subset of hardware 
resources, the resident operating system capable of establishing a first partition of 
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hardware resources for use and control by the operating system and a second partition of 
hardware resources for use and control by the concurrent customized execution 
environments; 

one or more storage devices having stored thereon software images of an 
operating system and customized control environment and services associated with a 
concurrent custom execution environment, the operating system capable of establishing a 
first partition of resources for use and control by the operating system and a second 
partition of resources for use and control by the C 2 E 2 ; 

one or more processors, coupled to the computer-readable medium, te that 
execute the resident operating system, where: 

a first portion of one or more storage devices, a first portion of the one or 
more processors, a first portion of memory, and a first portion of one or more 
input/output (I/O) devices are associated with the first partition by the operating system; 

a second portion of one or more storage devices, a second portion of the 
one or more processors, a second portion of the memory, and a second portion of the one 
or more input/output (I/O) devices are associated with the second partition by the resident 
operating system; 

the first partition is isolated to protect the hardware resources associated 
with the resident operating system from the concurrent custom execution environment by 
employing hardware-based security measures; and 

full control of the second partition is surrendered to the concurrent custom 
execution environment by the resident operating system initializing and invoking the 
customized control environment and services in the second portion of memoiy. 

29. (previously presented) The server of claim 28, wherein the second partition is 
isolated to protect the hardware resources associated with the concurrent custom 
execution environment from the resident operating system by employing hardware-based 
security measures. 
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30. (original) The server of claim 28, wherein the customized control environment 
and services are non-portable. 

31. (original) The server of claim 28, wherein the first partition includes at least one 
processor. 

32. (original) The server of claim 28, wherein the second partition includes at least 
one processor. 

33. (original) The server of claim 28, wherein the one or more storage devices have 
stored thereon a software image of a customized application for which a computational 
structure of the customized control environment and services has been tuned. 

34. (original) The server of claim 33, wherein the customized application comprises a 
web edge engine. 

35. (original) The server of claim 34, wherein the web edge engine comprises a web 
server. 

36. (original) The server of claim 34, wherein the web edge engine comprises an 
application server. 

37. (original) The server of claim 34, wherein the web edge engine comprises a 
communication server. 

38. (original) The server of claim 28, wherein a communication channel is maintained 
between the first partition and the second partition, and wherein a dynamic content 
generator executes within the first partition and provides dynamic content to the web 
server via the communication channel. 
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39. (original) The server of claim 28, wherein the hardware-based security measures 
comprise use of one or more of region identifiers, protection identifiers, and memory 
page access rights values. 

40. (currently amended) Aft A computer-readable medium having an operating 
system stored thereon, the operating system comprising: 

a means for partitioning hardware resources into a least a first partition to 
remain under the control of the operating system, which executes within a computer 
system, and a second partition that is to be placed under the full control of a concurrent 
custom execution environment, tire concurrent customized execution environment 
providing an execution environment for a single application, and exclusively managing a 
subset of hardware resources of die computer system, with no operating system 
abstractions or interfaces interposed between the customized execution environment and 
the subset of hardware resources; 

an interface means to hardware-based isolation features for protecting the 
syst e m hardware resources of the first partition against access by the concurrent custom 
execution environment; 

a means for transferring full control of the hardware resources of the 
second partition to the concurrent custom execution environment, including initializing 
and invoking customized control and services associated with the concurrent custom 
execution environment; and 

a means for providing communication between the first partition and the 
second partition. 

41. (previously presented) The operating system of claim 40, further comprising a 
means for reincorporating partitioned hardware resources. 

42. (previously presented) The operating system of claim 40, further comprising; 

separate means for operator control of the operating system and the 
concurrent custom execution environment; and 
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separate interface means for monitoring the operating system and the concurrent 
custom execution environment. 

43. (currently amended) An A computer-readable medium having an operating 
system stored thereon, the operating system comprising: 

a means for communicating with one or more concurrent custom 
execution environments operating within and controlling respective hardware-enforced 
partitions of hardware resources separate from a hardware-enforced partition of hardware 
resources in which the operating system resides, the concurrent customized execution 
enviromnent providing an execution enviromnent for a single application, and 
exclusively managing a subset of hardware resources of a computer system, with no 
operating system abstractions or interfaces interposed between the customized execution 
environment and the subset of hardware resources; and 

a means for causing a concurrent custom execution environment of the 
one or more concurrent custom execution environment to begin processing or to 
terminate. 
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REMARKS 

In a telephone discussion with Examiner Wang, on Nov. 4 th , 2008, 
Applicant's representative agreed to the above amendments to the claims and 
specification of the current application. Applicant's representative wishes to thank 
Examiner Wang, on his behalf and on behalf of Applicant, Bill Worley, for her attention 
to this application and assisting the Applicant in furthering prosecution of the current 
application. Should Applicant's representative have missed any agreed-to amendments, 
Applicant's representative will happily make additional amendments via telephone, email, 
or another written response. 

In Applicant's representative's opinion, all of the claims remaining in the 
current application are clearly allowable. Favorable consideration and a Notice of 
Allowance are earnestly solicited. 

Respectfully submitted, 
WilliamS. Worley, Jr. 
Olympic Patent Works PLLC 

Rbbert W. Bergstrom / 
Registration No. 39,906 / 



Enclosures: 

Postcard 

Transmittal in duplicate 

Olympic Patent Works PLLC 
P.O. Box 4277 
Seattle, WA 98194-0277 
206.621.1933 telephone 
206.621.5302 fax 
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